Header lines are added in "reverse order": each mail server adds its line at the beginning of the header. So here my mail server (arges.bolet.org) received a connection for a mail which, at the SMTP level, was destined for me (over the connection, the other machine sent: RCPT TO: pornin@bolet.org). As part of the SMTP protocol, that machine first sent a HELO command in which it claimed to be "davisandsons.net"; my mail server looked at the source IP address (213.238.65.230) and did a reverse DNS resolution on it, yielding "213-238-65-230.adsl.inetia.pl" (from an ISP in Poland). It turns out that "davisandsons.net" can be resolved to a quite different IP address, nominally from England.

This first Received: header was added by my mail server, so it is trustworthy. The next line, and all subsequent lines, however, were sent as is by that Polish machine which began the conversation by claiming it was in England, a blatant lie, thus not the greatest way to build mutual trust. That header could be completely phony. Assuming it is not bogus, it would indicate that the mail originated from the local machine, by a user called "apache". The probable scenario is then: the home PC of some poor guy in Poland is an infected zombie, which relays spam. The infection might have begun through a poorly configured Apache Web server on that machine.

(Spamassassin rated that specific spam with a whopping 20.5 score, and I automatically zap incoming emails with a score of 5.0 or more.)

Exposing the previous mail server during transit is common because it helps a lot in fighting spam.

But exposing the very first sender is often undesirable for privacy and security reasons. Some mail providers therefore omit it from the header, and other mail providers treat the original sender just like any other source.

As a side note: "Received" headers can be forged, so you always have to start reading them from the top and carefully validate them.

"Exposing the previous mail server during transit is common because it helps a lot in fighting spam." I believed it was done to prevent mail loops.
– curiousguy Oct 9 '11 at 17:39

@curiousguy Loop detection usually works on comparing the server's own name with the by-parts of Received headers, counting the number of Received headers, or a local message id database. Comparing the name in the sender part only works if it is a tight loop or the next hop plays nicely. So the "by"-approach has significant advantages.
– Hendrik Brummermann Oct 9 '11 at 17:53

That choice is completely up to the server the device talks to. It could include a Received header that contains information to identify the device such as its IP address. But it can also include no such header at all. It is completely an implementation option.

Logically speaking, it depends on whether you consider the device or the server to have originated the email. For example, web-based services such as GMail generally consider the server to have originated the email, so no information to identify the device is included. More traditional email services accessed by IMAP and POP often do consider the end device to have originated the email.